TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Is there any script that can be used such that the console is sending the mail
instead???
Cheers
--
On Thu, 3 Aug 2000 14:58:58 Lindley, Jim (ISSAtlanta) wrote:
>
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
>----------------------------------------------------------------------------
>
>George et al:
>
>The TCP RST packets ARE generated by the "stealth" NIC, since that is the
>NIC on the monitored network. Since the IP/MAC address information is
>available to RS from BOTH ends of the suspect TCP session, RS builds TWO
>spoofed TCP RST packets using the IP/MAC information and sends each end of
>the suspect TCP session a TCP RST that purports to come from the other end
>of the session. Therefore, each end of the session being RSTed believes the
>other end called off the conversation. These TCP RST packets are the ONLY
>output ever issued by the stealth NIC. All other responses that require
>communication are generated by the "reporting" NIC and sent to the network
>on which the monitoring RS Console is placed. If that network has no exit
>point for SNMP/SMTP/pagers/etc, then you have an "out-of-band" network,
>which is more secure BUT you loose the ability to use the SMTP/SNMP/pager
>responses.
>
>James R Lindley
>Anomaly Detection Xpert
>X-Force Surveillance and Response Unit
>Managed Security Services
>Internet Security Systems Inc
>Vox: 678-443-6323
>Fax: 678-443-6482
>An unquenchable thirst for Pierian Waters.
>
>Internet Security Systems - The Power To Protect.
>-----Original Message-----
>From: George Milliken [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, August 02, 2000 6:57 PM
>To: Mark S. Velasquez
>Cc: [EMAIL PROTECTED]
>Subject: Re: **RealSecure 5.0 & E-Mail Alerts**
>
>
>
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
>problems!
>----------------------------------------------------------------------------
>
>For that matter, how do TCP RS KILLs happen across the "secure" stealth
>interface?
>
>We have puzzled on this much recently. We assume the emails go out
>over the internal interface but I have not verified that via sniffer.
>
>But, how do the resets happen??? There is not guarentee that the
>internal interface can route packets back to the stealth (outside) side
>of the network.
>
>Anybody got a clue?
>
>
>
>
>
>"Mark S. Velasquez" wrote:
>>
>> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
>to
>> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
>problems!
>>
>----------------------------------------------------------------------------
>>
>> I've installed RealSecure 5.0. The Network Sensors are installed on
>> Sparc Solaris 7.0 platforms with the monitoring interface in stealth
>> mode( no IP assigned to it, no arp, etc.), and a second interface on a
>> private Network to the monitoring Console.
>>
>> My question concerns E-Mail Responses. I'd assumed that the monitoring
>> console sent them. From reading the manual it appears that the Network
>> Sensor sends them...if so how is this supposed to work in a secure
>> setup( it cant' send via the stealth-configured interface... and the
>> other interface connects directly to the Monitoring Console. ).
>>
>> How is everyone else sending E-Mail responses/alerts in a secure
>> configuration ?
>>
>> TIA
>>
>> Mark
>
>--
>
>
>Regards,
>
>
>
>George Milliken
>
>---------------------------------
>farm9, Inc.
>
>Online Intrusion Prevention 24x7
>http://www.farm9.com
>---------------------------------
>
>
>
>
Get your FREE Email at http://www.mailcityasia.com
